Chinese manufacturer installs spyware into scanners

Security experts claim that a Chinese manufacturer has been installing malware in its hand-held scanners that steals supply chain data.

TrapX says infected scanners made by an unnamed Chinese manufacturer located in Shandong province have been sold to eight unnamed firms including a large robotics company. The manufacturer denied knowledge that its scanners and website-hosted software were infected.

Sixteen of the 48 scanners deployed at one firm were infected, TrapX found. They all successfully sought out and compromised host names containing the word finance and siphoning off the logistical and financial data. The report Anatomy of the Attack: Zombie Zero said:

"Exfiltration of all financial data and ERP data was achieved, providing the attacker complete situational awareness and visibility into the logistic/shipping company’s worldwide operations,".

TrapX suspected the attacks dubbed Zombie Zero were backed by the Chinese government and were a bid to gain intelligence on either logistics firms or their customers.